CVE-2003-0411 - Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code

CVE-2003-0411

Summary

Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension.

References

Vulnerable Configurations

cpe:2.3:a:oracle:sun_one_application_server:7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:sun_one_application_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 02-02-2024 - 02:18)
Impact:
Exploitability:

CWE

CWE-178

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	7709
bugtraq	20030526 Multiple Vulnerabilities in Sun-One Application Server
ciac	N-103
misc	http://www.spidynamics.com/sunone_alert.html
sunalert	1000610 55221
xf	sunone-jsp-source-disclosure(12093)

Last major update

02-02-2024 - 02:18

Published

30-06-2003 - 04:00

Last modified

02-02-2024 - 02:18